Russia’s Olympic Spying, Comcast Weds Time Warner & More…

FOSS Week in Review

The day we fought back

Tuesday, February 11th, The Day We Fight Back, has come and gone. Whether the event was a success, failure or fell somewhere in between depends on whom you read.

Surprisingly, the biggest naysayer was probably the New York Times, which started an article. “The Day the Internet Didn’t Fight Back,” with the line, “So much for mass protest.” It appears as if the Times’ metric for this judgement was the lack of participation by some sites which took part in the online SOPA protest a couple of years back.

“Instead, the protest on Tuesday barely registered. Wikipedia did not participate. Reddit — which went offline for 12 hours during the protests two years ago — added an inconspicuous banner to its homepage. Sites like Tumblr, Mozilla and DuckDuckGo, which were listed as organizers, did not include the banner on their homepages. The most vocal protesters were the usual suspects: activist groups like the Electronic Frontier Foundation, the American Civil Liberties Union, Amnesty International and Greenpeace.

“The eight major technology companies — Google, Microsoft, Facebook, AOL, Apple, Twitter, Yahoo and LinkedIn — that joined forces in December in a public campaign to “reform government surveillance” only participated Tuesday insofar as having a joint website flash the protest banner.”

Use of the phrase “the usual suspects” would seem to be a way of adding bias to what’s supposed to be an unbiased account, eh? Then again, the folks at the Times are très sophisticated and understand such complex issues as this with a much fuller understanding than those of us who reside in the provinces.

The Verge tempered their negativity and published a piece that was a bit more balanced than the Times, although you wouldn’t know it from the title: Not Many of Us Actually Fought on The Day We Fight Back. They even went so far as to take the New York paper to task over some of their figures.

“The Times reports that ‘most’ of these communications were directed to Senator Feinstein, whose office reported a higher volume of calls than usual. … David Segal of Demand Progress says that he has “no idea” where the Times report came from, and that Feinstein received an approximately proportional number of calls based on the population of California. Sina Khanifar, who worked with the campaign, has also rebutted a number of other claims from the piece.”

“‘A hundred thousand or so calls to Congress, on a single issue, in just over 24 hours, is the sort of mark that’s met perhaps a handful of times a year, if that,’ said David Segal, executive director for Demand Progress, an organizer of the day’s events. ‘On Tuesday we sought to make a dent, while laying a foundation for escalation. In those respects it was a tremendous success, and met every goal we’d set for it. We demonstrated that civil society organizations, hundreds of thousands of activists, and major corporations are willing to bring coordinated pressure to bear on lawmakers. We will persist, we will escalate, and we will win.'”

According to the counter that remains on The Day We Fight Back’s website, 187,253 people sent emails to their legislators on February 11th and 90,084 placed phone calls. While that number may not be in the millions, as we might have hoped, it’s still not chopped liver.

The proof of the pudding, however, is in how it leaves the board. If we get legislation greatly curtailing the actions of the NSA, it’s a win. If not, everybody loses.

Russians in the machine

In the days leading up to the winter Olympics in Sochi, a story made the rounds about NBC reporter Richard Engel’s introduction to the local black hat culture. According to the story, almost as soon as he arrived his phone was cracked and he barely disconnected his laptop from Wi-Fi before his banking information was stolen. It was a good story, a fascinating read, except for one thing. It wasn’t true.

To begin with, the incident happened in Moscow, which is about 1,000 miles away from Sochi. Also, Engel purposely sought out the attacks by visiting sites that were likely to be malware laden. Finally, the attacks were not specific to Russia. All of the intrusion attempts witnessed by the NBC reporter could just as easily have happened in New York City or Peroria.

This isn’t to say that Russia isn’t a cracker hackers paradise. As anyone who runs websites knows, the country ranks at the top of the list when it comes to malware creators and malware laden websites.

According to The Verge, however, it’s not the crime boys seeking credit card info that’s worrisome in Sochi, it’s the Russian government.

“For most security researchers, the games aren’t an example of digital lawlessness, but one of the most intensive short-term campaigns of digital surveillance the 21st century has ever seen. As The Guardian has previously reported, Russian authorities are closely monitoring all web and phone traffic using a new version of their Sorm system upgraded specifically for the games. Rather than relying on sketchy open Wi-Fi from third parties, most visitors will be treated to a high-speed network maintained by the Russian government, and presumably closely monitored by state security operatives. As one Globe and Mail writer put it, ‘during the Games, it is reasonable to assume that all phone calls, e-mail, texts, web browsing, online banking and access to voice mail will be intercepted and exploited.’ And not by hackers, but by the government.”

The Verge goes on to opine that the NBC story played right into Putin’s plans, by helping him and his government justify their actions. They’d like you to believe they’re only seeking to protect hapless foreign visitors from the bad guys.

You needn’t wonder why we haven’t heard protests about this coming from Obama, Harper or Cameron. It’s long been established that the pot hasn’t the right to point a finger at the kettle. All three of these gentlemen might be well advised to keep quiet, lest they bring even more attention to their own online intelligence operations. Indeed, Bloomberg reports that recent revelations about the NSA are having a disastrous effect on the U.S. tech sector.

Since the intelligence contractor Edward Snowden began exposing surveillance programs by the National Security Agency last June, trust in U.S. technology companies has plummeted overseas. In some cases sales have slowed. And foreign regulators have been licking their chops in anticipation of a crackdown. Estimates of the cost to these companies have ranged from $21.5 billion to $180 billion by 2016.

Meanwhile, we learned this week from Ars Technica of more malicious attacks being instigated by what Kaspersky Lab says is most likely a nation state. The attacks come in the form of malware called The Mask.

“The attackers relied on highly targeted spear phishing e-mails to lure targeted individuals to malicious websites. In some cases, attackers impersonated well-known websites, such as those operated by The Guardian and The Washington Post. One of the exploits recently used by the attackers targeted CVE-2012-0773, a highly critical vulnerability in Adobe’s Flash Player that made it possible to bypass the sandbox security protection Google Chrome and other browsers rely on to prevent websites from executing malicious code on end-user computers.

“‘What makes “The Mask” special is the complexity of the toolset used by the attackers,’ the Kaspersky analysis stated. ‘This includes an extremely sophisticated malware, a rootkit, a bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions, and possibly versions of Android and iPad/iPhone (Apple iOS).'”

The Mask malware has been digitally signed with a valid certificate belonging to a non-existant company, TecSystem Ltd.

Comcast to wed Time Warner Cable

We learned on Thursday from the New York Times of the pending marriage in an all stock deal of Comcast and Time Warner Cable. The deal is reported to be worth $45 billion.

On the same day, Wired explained why this isn’t good for anyone but Comcast and Time Warner. It’s an especially bad omen for the future of net neutrality.

“But the issues go far beyond whether consumers have access to other types of services. Most importantly, this merger would give Comcast added leverage in its relationships with television channels, content providers such as Netflix, and the companies that operate the infrastructure underpinning the internet. That could shift the balance in the battle over net neutrality, which seeks to prevent companies like Comcast from discriminating against traffic from providers like Netflix, and it could create a world in which there are even more walls dividing what and how you view content online.”

This deal if far from being completed. When Comcast took over NBC a while back, it took federal regulators over a year to approve the deal, and some restrictions were put in place before the merger was given the green light.

**********

The snow is melting quickly outside the FOSS Force office, meaning we might be able to make another milk and bread run before the next round. Until next week, may the FOSS be with you…